smokeloader | 7a91a6e6b572eb51cf9ffbab2f9fb8aee8969742574ced8fb62f4b79d133cbb6 | Triage

Sharing

General

Target

b4e83bdbab9ee87d0f446a12f8f55e6ea3240104050bd6cac0df51414ed95e14N.exe
Size

226KB
Sample

241111-efsq2awjej
MD5

2a1be8a1dcd1a4afb2da4853ef9b47b4
SHA1

3d194e330146797481e89dd68ff9ac014da5e985
SHA256

7a91a6e6b572eb51cf9ffbab2f9fb8aee8969742574ced8fb62f4b79d133cbb6
SHA512

7e3c3b19a5dc9f9a2cfdad2bf07d573edf7518793ae97fc5bc472433ce12dc2c6b7420dbfbb632d2d283935acf90f30d9c5d3126555c1bee1c514c18588f2295
SSDEEP

3072:UFP/v9qWc+6Y1W8XAJ44AE6Fok0s8YqxPnDTIbBkOAg0FujAQ4S5Oht2q7iNK54k:q/0E6L8Xs4BE6Z0uqxPIXAOwv77iw56A

Score

10^/10

smokeloader wood backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

wood

Targets

- Target
  
  b4e83bdbab9ee87d0f446a12f8f55e6ea3240104050bd6cac0df51414ed95e14N.exe
- Size
  
  226KB
- MD5
  
  2a1be8a1dcd1a4afb2da4853ef9b47b4
- SHA1
  
  3d194e330146797481e89dd68ff9ac014da5e985
- SHA256
  
  7a91a6e6b572eb51cf9ffbab2f9fb8aee8969742574ced8fb62f4b79d133cbb6
- SHA512
  
  7e3c3b19a5dc9f9a2cfdad2bf07d573edf7518793ae97fc5bc472433ce12dc2c6b7420dbfbb632d2d283935acf90f30d9c5d3126555c1bee1c514c18588f2295
- SSDEEP
  
  3072:UFP/v9qWc+6Y1W8XAJ44AE6Fok0s8YqxPnDTIbBkOAg0FujAQ4S5Oht2q7iNK54k:q/0E6L8Xs4BE6Z0uqxPIXAOwv77iw56A
Score

10^/10

smokeloader wood backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderwoodbackdoordiscoverytrojan

behavioral2

smokeloaderwoodbackdoordiscoverytrojan